Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.

Related CVEs

CVE-2020-25184

Key Information

GHSA ID

GHSA-3f6m-7jq2-3x7m

Published

March 19, 2022 12:00 AM

Last Modified

April 5, 2022 12:01 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.